Saturday, March 21, 2009

Conficker/Downadup Update

Conficker is getting a new, third-generation version, which is pushed to already infected systems. The new version uses a new algorithm for generating the domain names it calls when looking for updates, moving from 500 domains per day in the old versions to an aggressive 50,000 domains per day. This will make life much harder for security researchers trying to catch it by predicting the domains it will call, especially if the new version also uses 116 different domain suffixes.
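The domain-generation behaviour described above leaves a characteristic trace in resolver logs: one host asking for many distinct, never-registered names spread across many suffixes. The following is an added defensive example, not Conficker's actual algorithm or any code from the original post; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
# Constructed example: flag hosts whose DNS query pattern resembles a
# domain-generation algorithm (DGA) client, i.e. many distinct names that
# fail to resolve (NXDOMAIN), spread over many top-level domains.
from collections import defaultdict

# Constructed sample resolver log, one query per line:
# "<timestamp> <client> <queried domain> <rcode>"
SAMPLE_LOG = """\
2009-03-21T10:00:01 10.0.0.5 www.example.com NOERROR
2009-03-21T10:00:02 10.0.0.9 qzxkwpa.info NXDOMAIN
2009-03-21T10:00:02 10.0.0.9 hvmrsleo.biz NXDOMAIN
2009-03-21T10:00:03 10.0.0.9 wpqaxzl.cn NXDOMAIN
2009-03-21T10:00:03 10.0.0.9 lkjqwer.ws NXDOMAIN
2009-03-21T10:00:04 10.0.0.9 oiuqmzb.org NXDOMAIN
2009-03-21T10:00:04 10.0.0.9 zmxnqpl.net NXDOMAIN
2009-03-21T10:00:05 10.0.0.5 mail.example.com NOERROR
2009-03-21T10:00:06 10.0.0.5 typo-examlpe.com NXDOMAIN
"""

def parse_log(text):
    """Yield (client, domain, rcode) tuples from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        _ts, client, domain, rcode = parts
        yield client, domain.lower().rstrip("."), rcode

def tld_of(domain):
    """Return the last label of a domain name (its suffix)."""
    return domain.rsplit(".", 1)[-1]

def score_hosts(records):
    """Per client: (distinct NXDOMAIN names, distinct suffixes among them)."""
    nx_names = defaultdict(set)
    for client, domain, rcode in records:
        if rcode == "NXDOMAIN":
            nx_names[client].add(domain)
    return {c: (len(names), len({tld_of(d) for d in names}))
            for c, names in nx_names.items()}

def suspicious_hosts(records, min_nx=5, min_tlds=3):
    """Clients over both thresholds (assumed values; tune per environment)."""
    return sorted(c for c, (nx, tlds) in score_hosts(records).items()
                  if nx >= min_nx and tlds >= min_tlds)

if __name__ == "__main__":
    print(suspicious_hosts(parse_log(SAMPLE_LOG)))  # ['10.0.0.9']
```

A single typo'd lookup from 10.0.0.5 stays below the thresholds, while the host cycling through unregistered names across six suffixes is flagged.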

The new version is not more aggressive in infecting other machines; its purpose instead is to keep the currently infected machines for as long as possible.

There are more stages to come from the worm, as many experts expect the worm's author to turn the infected machines into a botnet to be used for SPAM, DDoS or other malicious activities.

Detailed Analysis:

Free removal tool:

More details on Conficker.C

Extensive Analysis:

PRNG Algorithm:
